This has concerned me for awhile. I had downloaded and installed many different operating systems and have always verified the integrity and authenticity of the ISO files by checking the hashes and comparing the digital signature to it.

If I had an infected machine or an infected web browser what are the chances of my ISO file being compromised while it's downloading or even after it has been downloaded? Also what if I downloaded the file from a malicious or unofficial source but everything matched (checksums etc.)? If everything matches, does this mean that my download is the way it was meant to be?